Privacy Policy

1. Information We Collect

We collect information to provide better services to all our users. The types of information we collect include:

1.1 Information You Provide to Us

Contact Information: Name, email address, phone number, company name, job title
Account Information: Username, password, security questions, and authentication data
Billing Information: Payment card details, billing address, purchase history
Communication Data: Messages, feedback, support tickets, and survey responses
Professional Information: Resume/CV data, certifications, professional references

1.2 Information We Collect Automatically

Data Type	Examples	Purpose
Device Information	IP address, device type, operating system, browser type	Security, compatibility, user experience
Usage Data	Pages viewed, time spent, click patterns, search queries	Analytics, service improvement
Location Data	Country, region, city (IP-based)	Content localization, compliance
Security Data	Login attempts, security events, access logs	Fraud prevention, security monitoring

1.3 Information from Third Parties

We may receive information about you from:

Business partners and resellers
Identity verification services
Credit reporting agencies (for enterprise customers)
Public databases and social media platforms
Security threat intelligence sources

2. How We Use Your Information

We use the information we collect for the following purposes:

Primary Uses

Provide, maintain, and improve our cybersecurity services
Process transactions and manage your account
Respond to your requests and provide customer support
Send service notifications and security alerts
Detect, prevent, and address fraud and security issues

2.1 Service Delivery

We process your information to:

Execute security assessments and vulnerability scans
Monitor and respond to security incidents
Provide threat intelligence and security recommendations
Deliver training and certification programs
Customize services to your organization's needs

2.2 Marketing and Communications

With your consent, we may use your information to:

Send newsletters and security advisories
Inform you about new services and features
Invite you to webinars and events
Share relevant industry insights and best practices

2.3 Legal Basis for Processing (GDPR)

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We share information only in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our business:

Infrastructure Providers: Cloud hosting, CDN, and backup services
Security Partners: Threat intelligence feeds, security tool vendors
Business Services: Payment processors, email providers, analytics
Professional Services: Legal advisors, accountants, auditors

Vendor Requirements

All our service providers must:

Sign strict confidentiality agreements
Process data only for specified purposes
Implement appropriate security measures
Comply with applicable privacy laws

3.2 Legal Requirements

We may disclose your information when required by law or in response to valid legal requests:

Court orders and subpoenas
Government investigations
National security requirements
Protection of rights and safety

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. Data Security

As a cybersecurity company, we implement industry-leading security measures to protect your information:

5. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you

Right to Rectification

Correct inaccurate or incomplete personal information

Right to Erasure

Request deletion of your personal information in certain circumstances

Right to Restrict

Limit how we use your personal information

Right to Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

5.1 Regional Privacy Rights

CCPA Rights (California Residents)

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell data)
Right to non-discrimination for exercising privacy rights

5.2 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within the timeframe required by applicable law (typically within 30 days).

Verification: To protect your privacy, we may need to verify your identity before processing your request. This may include asking for additional information or documentation.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website:

6.1 Managing Cookies

You can control cookies through:

Our cookie consent banner when you first visit our site
Browser settings to block or delete cookies
Privacy-focused browser extensions
Opting out of analytics and advertising cookies

Note

Disabling certain cookies may limit the functionality of our website and services.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Data Category	Retention Period	Justification
Customer Account Data	Duration of relationship + 7 years	Legal, tax, and audit requirements
Security Logs	1 year	Security monitoring and incident response
Marketing Data	Until consent withdrawn + 3 years	Campaign effectiveness and compliance
Website Analytics	26 months	Performance analysis and improvement
Support Tickets	3 years after resolution	Service improvement and legal protection

7.1 Deletion Procedures

When data reaches the end of its retention period:

Electronic data is securely overwritten using DoD 5220.22-M standards
Physical media is destroyed through certified shredding or degaussing
Backups are purged according to our backup retention schedule
Deletion is logged and auditable

8. International Data Transfers

As a global cybersecurity provider, we may transfer your information internationally. We ensure appropriate safeguards are in place:

8.1 Transfer Mechanisms

Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
Adequacy Decisions: Transfers to countries with adequate data protection laws
Binding Corporate Rules: Internal policies for intra-group transfers
Your Consent: Explicit consent for specific transfers when required

8.2 Data Localization

Where required by law, we maintain data within specific geographic regions:

EU data remains within the European Economic Area
Canadian data stays within Canada when required
Compliance with local data residency requirements

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will provide prominent notice (such as via email)
We may require you to acknowledge the updated policy
The updated policy will be effective as of the stated date

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Legal Compliance

We are committed to complying with all applicable privacy laws and regulations, including:

GDPR

General Data Protection Regulation (EU)

CCPA/CPRA

California Consumer Privacy Act/Rights Act

PIPEDA

Personal Information Protection and Electronic Documents Act (Canada)

HIPAA

Health Insurance Portability and Accountability Act (where applicable)

LGPD

Lei Geral de Proteção de Dados (Brazil)

Other Laws

Various state and international privacy regulations

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Borealis Security Privacy Team

Email

privacy@borealissecurity.com

Data Protection Officer

dpo@borealissecurity.com

Phone

+1-907-600-0222

Address

35173 Kenai Spur Hwy
Soldotna, AK 99669
United States

Response Time: We aim to respond to all privacy inquiries within 72 hours and resolve requests within 30 days.

For security purposes, we may need to verify your identity before processing certain requests.

Additional Information

Privacy Shield

While Privacy Shield is no longer a valid transfer mechanism, we continue to honor our commitments made under the framework and provide equivalent protections through other approved mechanisms.

Do Not Track

Our website responds to Do Not Track signals. When we detect a DNT signal from your browser, we do not track your activities across third-party websites.

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

Accessibility

We are committed to making our Privacy Policy accessible to everyone. If you need this policy in an alternative format, please contact us.

Security Assessments

Professional Services

Program Development

vCISO Leadership

Compliance

Managed Defense

Penetration Testing

Alaska Native Corps

OT & Critical Infra

Insurance (SB 134)

Playbooks

Security Score

Blog & Threat Intel

Case Studies

Quick Navigation